Archive for the ‘Privacy Laws’ Category

McAfee Data Protection, HIPAA, HITECH and breach notification

September 14, 2009

Last week, one of my colleagues asked me to comment on 45 CFR Parts 160 and 164, which, for those of us who can’t remember all the code names for the various US Federal documents, is the one in which the Department of Health and Human Services publishes its interim final rule under HIPAA and HITECH regarding what data falls under these regulations, what a “breach” means, and the conditions under which data is deemed to have been “protected”.

Under HITECH/HIPAA there is, in essence, a duty in the USA to care for the privacy of “unsecured protected health information”. This means that anyone electronically processing our health information has a duty of care to make sure no unauthorised people gain access to it, and a legal duty to inform us if a breach (or possible breach) of trust occurs. Read more…

FSA Fines HSBC Companies $7,500,000 for data security issues

July 23, 2009

Following on from my recent posts regarding fines and the cost of data leakage (TJX and Cornell), I thought I’d also bring to your attention the latest action initiated by the FSA (the UK Financial Services Authority) against HSBC. On 22nd July it imposed a tidy penalty of £4,550,000 ($7.5m) for two failures to protect personal information. HSBC will get a 30% discount on this for early payment, leaving them with a bill for £3,185,000 ($5.26m) plus their own internal costs.

Read more…

Changes to PII and PCI regulations in Nevada

This week Linda McGlasson wrote on BankInfo Security about some changes to Nevada’s data protection stance. Nevada’s laws are no less complex than those of other states, but interestingly it has a few which, when combined, give a tighter than usual position.

The interesting one is Chapter 603A – Security of Personal Information, which deals with the regulation of business practices. This law puts the state’s teeth behind the PCI regulations, backing the things the payment card industry requires for PCI compliance with state-driven criminal and financial penalties. Read more…

Lose One Customer’s Data, Tell EVERY Customer?

June 16, 2009

For the last few weeks I’ve been travelling around the country presenting at our Security Innovation Alliance roadshow. It’s been great meeting and presenting alongside some of the 60+ companies who’ve chosen to integrate their security products into McAfee’s ePO platform. Looking at the portfolio, it seems that soon it might actually be possible to service any IT security need through one pane-of-glass management interface.

One question that came from the audience during one of the sessions surprised me, as it wasn’t about IT at all. The question was “What laws apply to PII in printouts?”

Well, the simple and unfortunate answer is: all of them. Read more…

Hackers – Criminals, Pirates – Politicians…

June 12, 2009

It’s been an interesting week in the IT world with some quite amazing (to me, anyway) news. No, I’m not referring to the FTC’s decision to shut down the known spam ISP Pricewert, or the announcement by T-Mobile that their network had in fact not been hacked…

I’m referring to the news that the Swedish “Pirate Party” gained a seat in the European Parliament. Read more…
